
Those unpleasant folks who bring you those unpleasant rogue security products are continuing their recent trend of naming their malicious creations after legitimate security products. The advantage (to them) is that a potential victim, wondering whether he should install one of these money-sucking creations, might do a web search to see if the thing in front of him is a legitimate product. Seeing a site with a similar name pop up might reassure him that he is looking at a legitimate security product and cause him to install the rogue. The search result, of course, says nothing about the file actually on his screen: the rogue and the real product share nothing but the name, and a name is not a signature.

We blogged about a rogue named VirusTotal 2010 a few days ago. It is obviously intended to suck some of the legitimacy out of the high-profile VirusTotal malware analysis site.

Francis Montesino, the manager of Malware Processing in Sunbelt’s Clearwater office, noticed this one after it went into VIPRE definitions recently: a rogue named “Wireshark Antivirus,” which is obviously trying to borrow the reputation of the very popular (very real and very legitimate) Wireshark network analyzer.

[Screenshot: Wireshark_2, the Wireshark Antivirus rogue]

It does all the usual stupid rogue stuff: pretends to scan your computer, “finds” alleged malicious code, then refuses to leave until you purchase it.

[Screenshot: Wireshark_payment, the rogue’s purchase screen]

VIPRE detects it generically as the ever-popular Trojan.Win32.Generic!BT.
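The web search described at the top of this post checks the name, not the file. The check a practitioner actually wants is whether the installer carries a valid Authenticode signature from the publisher the real product belongs to. The script below is an added example written for this post; it is not code from the original article, from Sunbelt, or from the Wireshark project. It assumes Windows PowerShell (Get-AuthenticodeSignature is built in), a path to an installer you downloaded, and an expected publisher name that you looked up yourself on the real vendor’s download page. The publisher string in the usage line is a placeholder, not the name on any real certificate.

```powershell
# Added example, not from the original post: decide whether a downloaded
# "security product" installer is really from the publisher its name implies.
# A matching product name, or a legitimate-looking site found by a web search,
# proves nothing about the file itself; the Authenticode signature does.
#
# Assumptions (labelled): $InstallerPath is a file you downloaded, and
# $ExpectedPublisher is the signer CN you read on the real vendor's site.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $InstallerPath)) {
        throw "File not found: $InstallerPath"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $InstallerPath

    # Unsigned or tampered files fail right here. Rogues are typically unsigned,
    # or signed by a throwaway certificate with an unrelated subject.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $InstallerPath
            Trusted = $false
            Signer  = $null
            Reason  = "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        }
    }

    # Pull the CN out of the signer's subject. .NET quotes values that contain
    # commas (CN="Foo, Inc."), so handle the quoted form before the bare form.
    $subject = $sig.SignerCertificate.Subject
    $cn = $null
    if ($subject -match 'CN="([^"]+)"') {
        $cn = $Matches[1]
    } elseif ($subject -match 'CN=([^,]+)') {
        $cn = $Matches[1].Trim()
    }

    # Compare the whole CN, never a substring: "Wireshark" appearing inside
    # "Wireshark Antivirus Ltd" must not count as a match.
    $match = ($cn -eq $ExpectedPublisher)
    if ($match) {
        $reason = 'Valid signature from the expected publisher'
    } else {
        $reason = "Signed by '$cn', expected '$ExpectedPublisher'"
    }

    return [pscustomobject]@{
        Path    = $InstallerPath
        Trusted = $match
        Signer  = $cn
        Reason  = $reason
    }
}

# Usage. The publisher below is a placeholder, not a claim about any real
# certificate; take the real value from the vendor's own download page.
Test-InstallerPublisher -InstallerPath "$env:USERPROFILE\Downloads\setup.exe" `
                        -ExpectedPublisher 'Example Publisher, Inc.'
```

Two caveats. A valid signature only tells you who signed the file, so the check is exactly as good as the expected publisher you supplied; get that value from the vendor’s real site, not from the page that offered you the download. And a rogue that shows up with Status = NotSigned is the common case, which is why the function refuses anything that is not Valid before it ever looks at the name.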

The Wireshark Antivirus graphics bear a striking resemblance to those of a rogue named “SysInternals Antivirus” that Microsoft found in June. Microsoft’s Sysinternals troubleshooting utility suite is a long-established and respected collection of tools used by the folks who maintain networks.

[Screenshot: the SysInternals Antivirus rogue (photo credit: Microsoft)]

Thanks Francis.

Tom Kelchner